CVE-2024-4099

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.0 through 17.2.7 GitLab EE versions 17.3 through 17.3.3 GitLab EE versions 17.4 through 17.4.0

Description: An issue has been discovered in GitLab EE affecting the AI feature, which reads unsanitized content. This could have allowed an attacker to hide prompt injection, potentially impacting data integrity. The vulnerability is related to a lack of output encoding or sanitization mechanism in the AI feature of the GitLab platform.

Recommendations: For GitLab EE versions 16.0 through 17.2.7, update to version 17.2.8 or later. For GitLab EE versions 17.3 through 17.3.3, update to version 17.3.4 or later. For GitLab EE versions 17.4 through 17.4.0, update to version 17.4.1 or later. As a temporary workaround, consider disabling the AI feature until a patch is available. Restrict access to the AI feature to minimize the risk of exploitation. Avoid using the AI feature in sensitive environments until the issue is resolved.